  #3  
December 14th 08, 06:09 PM posted to microsoft.public.win98.setup
teebo
Shell Dump in Win98(se)?

My computer froze while downloading an mp3 file.

strange. shouldn't happen even if the disk went completely full
by that download. I imagine some webbrowser could perhaps hang
but the whole win98? (btw, what web browser do you use?)

When I rebooted two files appeared in the folder where the mp3 was being saved. (I'll call this Folder A.) One file was called:


so instead of c:\somewhere\A\nicemusic.mp3 (5 MB) you ended up with
c:\somewhere\A\40-5081-.101 (222000 KB)
c:\somewhere\A\shell
sort of?

I tried to delete the above files but could not. At first I got an
"access denied, the disk is full or write protected" message and then a
freeze due to an "exception in crypt32.dll"


hmm... if we assume that your disk isn't full then
perhaps those two files are part of some ugly spyware thing,
but you have checked for that so....

On the next reboot the files were no longer visible in windows explorer,
but I could not remove Folder A in windows or from a DOS window or a DOS
"command only" prompt because windows and DOS reported Folder A
contained files.


if you start windows in dos only mode (or boot from a dos floppy)
and go to the directory (in my example c:\somewh~1\A\)
you could perhaps run the dos command attrib to see hidden files
and in that directory use attrib /s -S -H -R *.*
to unhide/unprotect them.

you could also try running scandisk to see if the filesystem is broken somehow.

On the next reboot, I tried to copy the files and folders on the same
level as Folder A (2nd level) to a new first level folder. The files
and folders wound up in the Folder A.


so when you did copy c:\somewhere\A\*.* c:\newplace
(or same thing in windows explorer) the files were copied to where....?

I rebooted and was able to move the other second level files and folders
to an external drive, except for one (an older wav file) which showed
about a 300,000KB in windows explorer but winamp reported had 0 minutes.


is that 300000KB (=300MB sort of) or 300KB ?
and yeah if the wav-file is broken (isn't really a wav-file) then
it will be 0 minutes

Then I tried to scan the partition Folder A was on with a utility called
System Suite, but it could not access the partition that had contained
the now deleted Folder A.


yeah I assume there are better programs than windows builtin scandisk,
I haven't tried any called SystemSuite though, do you have a link
to that program?

btw did windows scandisk say the disk was ok?

Is there any way that I can check to see if these files are still on my
system and, if so, remove them? Perhaps a low-level formatting program?


hehe... you don't have to "low-level" format a partition to delete
all files on it. just formatting will be enough. (low level isn't even
possible on modern hard disks I believe). if you have some evil stuff
in the MBR (partition table) of the hard disk, then perhaps repartitioning
it too is nice. (or just fdisk /mbr).
Booting from some floppy that you know is absolutely clean of malware
of course. remember to verify that you have backed up everything important
and almost-important like bookmarks and stuff to a dvd or usb-memory first
before you wipe everything on your harddisk. Also write down what
hardware you have, and win98-serial, it will simplify things when you reinstall
windows98 after the formatting.

now I don't think you have to format & reinstall windows...
you shouldn't jump to that 'solution' before you know that you
*have* to....

about finding if the files are still there...
if your computer is new enough to handle it (at least 256MB memory)
then you could boot on a linux livecd (like Ubuntu) and look for files
with its filemanager. perhaps easier than just using dos commands
from a dos floppy.

Or would they show up in a registry entry? Or can they be made visible


you mean if the files are referred (loaded) from the registry?
just search with regedit for the filenames and see...

with a windows or DOS command? I'm uneasy about using the computer.


if you feel uneasy using the computer, and already have backed up
all files on the computer to cd/dvd/usb, and have all drivers for that
motherboard/graphics/network/soundcard/printer in good order on cd...
....well then it could be nice to repartition&reformat and a clean
reinstall of win98...
You know the "this time I will do everything right and no disorder" ;-)
(98lite is a good tool for getting rid of internetexplorer during
install for example. and (assuming you have another noninfected computer)
you could perhaps check out the win98-projects at msfn.org to install
new bugfixes&patches, usbdrivers etc)

BTW, TrojanHunter found no trojans in Folder A.
Thanks for any help.


it is always nice to use more than one spyware-searcher.
spybot search&destroy http://www.safer-networking.org/en/home/
is a nice one.